A new study from Hive Systems, a global provider of cybersecurity services and products, finds that the public and media are misaligned when it comes to actual cybersecurity risks, leaving organizations exposed to the most common and effective attack methods.

The research leveraged data from the 2024 Verizon Data Breach Investigations Report, leading media outlets and public search trends, to highlight critical perception gaps.

System Intrusion (defined as hacking, malware, ransomware, exploiting workstation software, stolen credentials, system memory scrapers), though accounting for only 16 percent of incidents, received overwhelming media coverage, including 68 percent in The Guardian and 39 percent of Google search trends.

Social Engineering (phishing of emails, texts or phone calls), responsible for 26 percent of breaches, is noticeably underrepresented, with only 4 percent coverage in The Guardian and 14 percent in citation statements.

Basic Web Application Attacks (defined by Hive Systems as exploiting vulnerable software, using stolen passwords, etc.), make up 8 percent of breaches, but are virtually ignored in major media outlets and public discourse, with zero percent coverage in The New York Times and minimal search interest (1 percent).

“This data paints a concerning picture of misplaced focus,” said Alex Nette, CEO and co-founder of Hive Systems. “Organizations are often influenced by media narratives and search trends that spotlight sensational breaches, while the most prevalent and preventable threats fly under the radar. This misalignment results in resource mis-allocation and unnecessary vulnerabilities.”

The study underscores the dangers of misinformed cybersecurity priorities, the Hive Systems report found. With media and public attention disproportionately focused on complex attacks, simpler but more common vectors, like social engineering and web application vulnerabilities, remain neglected. This leaves businesses and individuals exposed to risks that could otherwise be mitigated.

Hive Systems recommends organizations realign their cybersecurity strategies to match the actual threat landscape. “Education and awareness can only go so far, and data driven peer risk benchmarks are needed to help close the perception gap and fortify companies against the most impactful threats, the report noted.

For a detailed breakdown of the study and access to the full report, visit The Cyber Attack Perception Problem.